#!/bin/bash
Openssh_Version=openssh-7.6p1
Dir=/usr/local/
Openssh_Dir=$Dir/${Openssh_Version} 
Openssl_buding=openssh-7.6p1-openssl-1.1.0-1.patch
#备份
[ -d /etc/ssh ] && mv /etc/ssh /etc/ssh.bak
[ -d /var/lib/sshd ] && mv /var/lib/sshd /var/lib/sshd.old
rm -rf /var/run/yum.pid &>/dev/null
#configure and install openssl software
yum -y install gcc gcc-c++ perl per-core make perl pam pam-devel telnet telnet-server
yum groupinstall 'Development Tools' 'Server Platform Development' 'Desktop Platform Development' -y
sed -i "s/yes/no/g" /etc/xinetd.d/telnet
service xinetd start
iptables -t filter -I INPUT 1 -p tcp -m state --state NEW --dport 23 -j ACCEPT 
#卸载系统自带的openssh软件包组
rpm -qa | grep openssh | xargs -i{} rpm -e --nodeps {}
cd /usr/local/src 
[ ! -f ${Openssh_Version}.tar.gz ] && wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${Openssh_Version}.tar.gz
[ ! -f ${Openssl_buding} ] && wget http://www.linuxfromscratch.org/patches/blfs/svn/${Openssl_buding} 
[ ! -d $Dir ] && mkdir -p $Dir
#删除原系统中的sshd账户及组
userdel -r sshd
userdel -r ftp
#创建sshd用户并设置权限
install  -v -m700 -d /var/lib/sshd && chown -R root.sys /var/lib/sshd 
groupadd -g 50 sshd 
useradd -c 'sshd privsep' -d '/var/lib/sshd' -g sshd -s /bin/false -u 50 sshd
cd /usr/local/src
tar xf ${Openssh_Version}.tar.gz && cd ${Openssh_Version} 
patch -Np1 -i ../${Openssl_buding}
./configure --prefix=${Openssh_Dir} --exec-prefix=/usr --libexecdir=/usr/libexec/openssh-7.6p1 --datarootdir=/usr/share  --sysconfdir=/etc/ssh --with-selinux --with-privsep-path=/var/lib/sshd  --with-pam  --with-md5-passwords --with-ssl-dir=/user/local/openssl-1.1.0f && make install
install -v -m755    contrib/ssh-copy-id /usr/bin 
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-7.6p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.6p1/
cd contrib/redhat/sshd.init /etc/init.d/sshd
cp contrib/redhat/sshd.init /etc/init.d/sshd
mv /etc/init.d/sshd /etc/init.d/sshd.old
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd


